ISR Global | International Systems Research Co.https://www.isrglobal.com
International Systems Research Co. (ISR), established in 1993 in Tokyo, is a certified Google Enterprise Partner (GEP). Its vision, One Safe Login, means that ISR is making the Internet’s cloud based information sharing platforms safe for anyone, anyplace, anytime.Fri, 18 Aug 2017 03:52:48 +0000en-UShourly1https://wordpress.org/?v=4.8.1https://www.isrglobal.com/wp-content/uploads/sites/2/2017/03/cropped-logo-1-32x32.pngISR Global | International Systems Research Co.https://www.isrglobal.com
3232125036037ISR is certified as the first Google Premier Partner of The Technology Track in Japanhttps://www.isrglobal.com/isr-certified-first-google-premier-partner-technology-track-japan/
https://www.isrglobal.com/isr-certified-first-google-premier-partner-technology-track-japan/#respondThu, 17 Aug 2017 10:07:26 +0000https://www.isrglobal.com/?p=15708First in Japan, ISR was elevated from Google Standard Partner to Google Premier Partner of The Technology Track. As a...

As a Google Premier Partner, ISR received certification from Google on the technology of CloudGate, and will be able to further cooperate with Google closely to provide even better technical support for our CloudGate users.

ISR exhibited atAWS Summit Tokyo 2017
as a Silver Sponsor

International Systems Research Co. (ISR) exhibited at AWS Summit Tokyo 2017 as a Silver sponsor from May 31 to June 2. ISR held its session and announced its new service CloudGate Key Manager, an SSH Key management solution for cloud services.

We would like to express our heartfelt gratitude to everyone who answered the survey and visited the booth during the event. We greatly appreciate all the interests, comments, and questions from everyone. Providing quality service is of utmost importance to our company and we will continue to improve our services based on the feedback we received.

In the near future we will be sharing more information on how CloudGate Key Manager can protect your instance login, so stay tuned and look forward to our future updates!

ISR announcesCloudGate Key Manager

With ever more computing resources moving off-premise and into the cloud, controlling access to these resources becomes increasingly important. Traditionally, remote access to server instances is performed using the SSH protocol, and, while the protocol in itself provides adequate security mechanisms, organizations continue to struggle to deploy these mechanisms at scale.

To boost SSH security, moving from username/password authentication to public key authentication is an important first step, but provisioning authorized keys to a large number of instances proves to be unwieldy and hard to manage. This, in turn, results in a wild growth of long-lived keys, which —as they are often shared across instances and used by multiple users or even entire teams— puts the entire infrastructure at risk.

CloudGate Key Manager addresses these problems by issuing short-lived keys to individual users. With the ability to force key rotation on a monthly, weekly, daily, or even hourly basis, CloudGate Key Manager greatly reduces the risk of stale keys finding their way out of the organization. In addition, flexible attribute-based policies allow administrators to implement fine-grained access control, and limit the resources that can be accessed by a specific user, group, or organizational unit.

By providing the tools needed to maintain visibility and control over SSH keys, as well as the resources that they provide access to, CloudGate Key Manager minimizes the risk of unauthorized access, and allows developers and administrators to focus instead on creating value for the organization.

Tokyo, Japan:International Systems Research Co. (ISR), a certified Google Enterprise Partner, Google Cloud Platform Partner, and security solutions provider, today announced that it has established an exclusive reseller agreement for the Japanese market with DivvyCloud, a certified Amazon Web Services Advanced Technology Partner that provides an automated policy enforcement solution for multi-cloud services.

Led by cloud services like Amazon Web Service (AWS), Microsoft Azure, and Google Cloud Platform (GCP), public cloud services have grown rapidly worldwide. The public cloud is becoming the default infrastructure option for enterprise applications. However, along with the convenience offered by the cloud services, come various implementation and adoption challenges. In the interest of agility, many cloud adopters decentralize provisioning in favor of agility, making it easy for the organization to lose sight of their cloud resources. In order to bring global visibility, DivvyCloud has developed a tool to automatically detect and discover new resources in real-time as they are being created, and inspect these resources for policy compliance, taking automated remediative action where necessary.

DivvyCloud’s BotFactory™ provides over 100 types of standard automation Bots to meet enterprises’ needs. Bots automate policies around cost controls, security enforcement and organizational policy compliance. Customers can implement Bots as needed from the standard library, or create their own using BotFactory.

“When using the public cloud, there are some problems such as managing cost, security and grasping the cloud usage as the scale increases.” said Raul Mendez, the founder and CEO of ISR. “However, by implementing DivvyCloud, it is possible to save manpower and time involved in the cloud management, allocate resources to creative and productive activities. Therefore, we believe that by using DivvyCloud, ISR can contribute to the ops management in Japanese enterprises as they move their applications to the public cloud.”

ISR is planning to launch their DivvyCloud services on January 16th, 2017.

Brian Johnson, CEO of DivvyCloud, commented, “we are excited to partner with ISR, a leading cloud innovator in the Japanese market. We expect DivvyCloud’s automated policy enforcement technology to support and facilitate the large, growing cloud market in Japan.”

*All product names, company names, and organization names appeared are registered trademark.

About International Systems Research Co. (ISR)
ISR, established in 1993 in Tokyo, is a certified Google Enterprise Partner (GEP) since 2008 that has been developing the CloudGate authentication service for G SuiteTM and since then it has grown along with the G Suite ecosystem reaching 620,000 users in 1,200 Japanese and international companies at the end of March 2016. The company is built on customer satisfaction, and as such will continue providing high quality products and services based directly on clients’ needs.

In view of increased attention on information security and demands on strong authentication, ISR is creating a news column on strong authentication. We will select a number of relevant topics and aggregate news about what is happening in the industry. The digests are meant to be informative yet we hope to present the opinion and insights.

In our last post, A Revolution in Authentication, we pointed out that the authentication process of openning an office door with a physical smartcard or key is seriously flawed since there was no identity verification. We suggested that this could be solved by using biometric authentication applications on smartphones, which is also easier to use.

In this post, we will get into the details regarding the problems of password-based authentication, which most of us still use daily in their user authenticaiton in local networks and online accounts.

The current password-based authentication system has serious issues with accuracy, user expereince, and confidentiality.

First of all, the password as the only information provided to the system is not sufficient and accurate to determine the identification of an end user. Biometric information of the user is far more accurate in identifying the right user.

Secondly, the user experience is far from satisfying in a traditional authentication system that uses ID and password. The user is burdened to memorize multiple passwords for different services and probably renew them regularly. Using biometric information in authentication frees the user from having to hold multiple passwords.

Last but not least, ID & Password based authentication is inherently flawed at its confidentiality. The most confidential thing in such an authentication is of course passwords. Unfortunately, these sort of breaches are reported almost every day. The reasons behind the password breaches are mostly of two kinds, the first kind has to do with technological issues, the second kind with the user not comply with administration or IT policy.

Regarding the technological issues, the vulnerabilities of IT systems and networks are causes of lots of password breaches. In a typical ID/password-based authentication, when a user uses password to login, he recalls the password which matches the one stored on the service. He types in the password and submit to the service, the service takes in his input and, if that matches what has been setup and stored, the service lets the user login and use the service. Passwords are commonly stored on the service side in encrypted formats. This sort of authentication method has been a standard among internet services since they are simple and easy to understand for the service providers and users.

However, things can go wrong all through this process. The user’s PC could be compromised with key loggers or memory overflow. When the password is transmitted through the internet, attackers could take advantage of the network vulnerabilities and wiretap. Attackers can also hack into the servers of the service and obtain the ID/password files, which could be in plain text or weakly encrypted. Anything goes wrong in this authentication defeats the confidentiality.

Regarding the issues with the end user itself, the user who has to retain strong password(s) for multiple services will mostly likely write down the password(s) on a note. Once he/she let other people see the note or lose the note, he/she loses password(s) to the services. This practice is commonly seen but poses high risk to confidentiality of ID/password-based authentication.

The problems with accuracy, user experience, and confidentiality can be solved by implementing biometric authentications such as those based on the FIDO UAF protocol. In the next blog we will explain in details how FIDO UAF authentication works and cite the technical details.

]]>1700ZDNet: Google is looking at ways to keep you continuously logged into an account using a smartphone’s video camera.https://www.isrglobal.com/zdnet-google-auth/
Mon, 04 Apr 2016 09:15:46 +0000http://www.isrus.com/?p=1535Google is developing real-time facial-recognition tech that uses a phone's front camera to continuously authenticate users when they're logged into a bank or email account.

]]>Google is developing real-time facial-recognition tech that uses a phone’s front camera to continuously authenticate users when they’re logged into a bank or email account.

Continuous authentication is viewed as a promising way of improving on today’s approach of only using credentials at the beginning of a session.

Researchers at the University of Maryland, Rutgers University, and Google’s Advanced Technology and Projects (ATAP) unit are using a machine-learning technique to develop a lightweight algorithm that allows a smartphone’s front-facing camera in video mode to conduct real-time facial recognition using partial facial images.

The so-called ‘facial segment-based face detector’ (FSFD) has been tested using face video from the front-facing camera of 50 iPhone users in different lighting conditions.The researchers believe the FSFD technique “is suitable for face-based continuous authentication on mobile devices due to its high recall at excellent precision”. The next phase of work will look at accurate facial landmark detection.

]]>A simple to understand how-to guide has been published by Bill Snyder at CIO.com. Snyder provided a introduction of how services such as TeleSign and TurnOn2FA can help the consumer turn on two factor authentication for more than 200 websites and financial services. For more information, refer to Snyder’s post:

]]>11011[Special Topic] A Revolution in Authenticationhttps://www.isrglobal.com/revolution-in-authentication/
Thu, 11 Feb 2016 00:34:01 +0000http://www.isrus.com/?p=1520The combined two step authentication method on smartphones, consisting of fingerprint user authentication followed by device authentication, is much more secure that present methods without sacrificing the user experience. The new authentication, having a better user experience and being more secure, has the potential to revolutionize the authentication in consumer services.

In view of increased attention on information security and demands on strong authentication, ISR is creating a news column on strong authentication. We will select a number of relevant topics and aggregate news about what is happening in the industry. The digests are meant to be informative yet we hope to present the opinion and insights.

The proliferation of smartphones is having a major impact on the ease with which we use services throughout the day as we leave our home, ride trains, enter our workplace, have a meal at a restaurant, etc.

The typical way to gain access to the train system or to our workplace is to be authenticated at the entrance by using an electronic card or a key. These tokens allow our authentication by offering a proof of identity but the accuracy of the authentication (the security of the system) can be greatly enhanced by adding one extra layer to the authentication based on our fingerprint using smartphone.

The expanded system is not only more secure. It presents to the user a ‘one touch’ easy experience. The new authentication, having a better user experience and being more secure, has the potential to revolutionize the authentication in consumer services.

Present Authentication Systems

Today’s authentication systems to enter transit system or to enter workplace are proxy systems. Proxy systems authenticate us by authenticating keys or cards (tokens) that we present to gain access to these systems. A typical door/lock system is not smart enough to recognize our face but they can verify (authenticate) our key or smart card easily. Recently this verification can be done using NFC technology with just one tap of the key or card to the door or turnstile. The tap offers and improved user experience to, say, having to insert a key into the lock.

Adding one extra layer of authentication

Since smartphone adoption is nearly universal we can improve on the above token-based authentication systems through our smartphones. In the last few years, emulation of key or smart card tokens by apps on smartphones, allowing one touch (NFC-based) interaction with doors or turnstiles, have greatly improved the authentication user experience.

More recently, the adoption of fingerprint scanners by major smartphone vendors will mostly likely result in more accurate (secure) authentication systems. This will be accomplished by adding an extra user authentication step to the token (smartphone app) authentication. In the new step, the smartphone authenticates the user by verifying fingerprint. This step verifies the user directly by using something the user is as compared with previous token step when user was authenticated using something the user has.

The combined two step authentication method, consisting of fingerprint user authentication followed by device authentication, is much more secure that present methods without sacrificing the user experience.

]]>11010Single Sign On to the Cloud with Your Fingerprint: CloudGate utilizes Touch ID to provide fingerprint authenticationhttps://www.isrglobal.com/touchid-pr/
Thu, 05 Nov 2015 09:00:35 +0000http://www.isrus.com/?p=1508ISR started to offer fingerprint authentication option in its cloud authentication and access control service, CloudGate. CloudGate users are able to use this option on their Touch ID equipped iOS devices immediately.

Tokyo, Japan: International Systems Research Co. (ISR) announced that it started to offer fingerprint authentication option in its cloud authentication and access control service, CloudGate. CloudGate users can use this option on their Touch ID-equipped iOS devices immediately.

When fingerprint authentication option is enabled, CloudGate users will get prompt on their iOS devices to validate their login requests initiated via PC browsers. With the correct user ID and Touch ID fingerprint, CloudGate users can securely access Cloud services such as Google Apps for Work and Office 365 without memorizing and typing in passwords. This feature works with Touch ID-equipped iPhones out-of-box, with no additional peripherals needed.

Login using ID and Password used to be the mainstream in authentication for corporate information systems. However, authentication by verifying traditional static passwords that the user memorizes and keeps secret always suffers from the risks of forgotten passwords or stolen passwords. One-time password authentication using USB tokens or mobile apps is one of the solutions to the vulnerability of password authentication. However, this solution brings extra burden to the users who would have to carry additional device(s) and enter extra dynamic passcode(s).

Ever since Cloud services started to catch up in the enterprise IT systems, authentication mechanism has not been changed much. Many companies still are inclined to use conventional password authentication for that is intuitive to implement in their IT systems. Moving to the Cloud requires the daily user login process to be carried out over the Internet, thus calls for robust and simple authentication that can solve the dilemma of choosing between security and convenience.

CloudGate Fingerprint Authentication

CloudGate only requires a Touch ID-equipped iOS device to implement fingerprint authentication. The user does not need to carry additional fingerprint scanning device.

Fingerprint authentication is built based on Apple’s Touch ID technology that has top notch reliability and security.

Fingerprint authentication can be alternatively used, providing the strong 2nd factor, in addition to ID/Password authentications.

CloudGate has been an essential secure authentication and access control service for Google Apps since 2008.It is now serving more than 1,100 companies with 600,000 end users. The newly launched fingerprint authentication will help IT administration and end users boost security and reduce their daily login stress. For corporate management and IT administration, the passwordless authentication mechanism will greatly reduce the helpdesk workload in password recovery and reset.

With fingerprint authentication option, ISR is devoted to making its one safe login cloud service secure and reliable, and accessible to more and more users.

*”Google Apps for Work” is a registered trademark of Google Inc.

*”Salesforce” is a registered trademark of Salesforce.com Inc.

* All other trade names, company names, organization names are trademarks or registered trademarks of their respective companies.

About International Systems Research Co. (ISR)

ISR, established in 1993 in Tokyo, is a certified Google Enterprise Partner (GEP) that has been developing security and business related applications and services for the enterprise market since the early era of the Internet. Since 2008 ISR has offered the CloudGate Authentication service, which is Japan’s leading authentication service for Google AppsTM with more than 30% market share. As a sponsor of FIDO Alliance, ISR is leading the industry in making authentication secure, reliable, expandable, and easy to implement and intuitive to use for companies and end users. The company is built on customer satisfaction, and as such will continue providing high-quality products and services based directly on clients’ needs.

]]>ISR will hold a Japanese webinar on Friday, November 13th, 2015 2:00-3:00 PM (JST).

The webinar will cover the topics about strong authentication for Single Sign-on and Cloud services. ISR will demonstrate how CloudGate have made authentication strong and easy to use by using Apple Touch ID and FIDO Alliance’s authentication protocols.